The Army Wants To Recruit Cyber Experts By Hiring Civilians At Rank Of Colonel

compforce said:
I know that in theory that is how the Warrant Officer program is supposed to work. In the IT field, they aren't delegated enough authority to get the job done. The CW3 that was my counterpart for the first half of the deployment sat on a help desk for at least the first year after his return to CONUS. He wasn't allowed to even reset a password. He was required to answer the phone and start a ticket for the contractors to change the password. That's it, no hands on. What a waste of training. He was pretty solid at the network side of things. I saw that situation quite a few times both inside SOCOM and on the conventional side. If the Warrant Officer program worked like it was supposed to and enlisted training was up to speed, you wouldn't need all of the contractors.

Also, you are certainly correct about already having it. It's the FA program I linked to in my earlier post.
Click to expand...

If everything worked like it was supposed to, we wouldn't be talking about bringing people completely outside the profession into the ranks as full colonels.

What you just described is the polar opposite of what I saw warrant officers in aviation, intel, SF, and maintenance fields. They were all the epitome of "hands on." There's no reason to assume that if cyber warrants were hired for those skills, they wouldn't be put to use in the force.
 
Marauder06 said:
If everything worked like it was supposed to, we wouldn't be talking about bringing people completely outside the profession into the ranks as full colonels.

What you just described is the polar opposite of what I saw warrant officers in aviation, intel, SF, and maintenance fields. They were all the epitome of "hands on." There's no reason to assume that if cyber warrants were hired for those skills, they wouldn't be put to use in the force.
Click to expand...

I agree with everything you just said. It's the cyber Warrants that I'm specifically referencing.

I think that the difference is that the military has kept up, or pioneered, in those fields you mentioned. In IT, they've outsourced so much of the function to contractors that they have lost the institutional knowledge of how IT works in the real world. Now most of them are reduced to following an installation checklist developed by civilians and, if it doesn't work, they have no clue how to troubleshoot. How many times has your laptop been reimaged when something was not functioning correctly? I know I'm painting with a broad brush here. I very much want to emphasize that it is not the fault of the individual Warrant Officer. The problem is systemic, DoD wide and starts at the various schoolhouses. Over 7 years and a couple of deployments I worked with quite a few Warrant Officers from CMF 250 and other branch equivalents. Of all the ones I worked with, I can count the ones that I would feel confident labelling as a Senior or Tech lead on my fingers. Of those, two were AD and the others were consistently reserves/National Guard (one of the AD ones I mentioned was technically sound, but would not have been able to hold a job in the civilian world because he was constantly belittling all of the enlisted around him). The ones from the reserves, with one exception, all held IT jobs in the civilian sector that directly aligned with their military position. The one exception was a Reserve Warrant Officer that also served as a contractor on the same system during the week. My point, which I discussed at length with a MACOM J6 is that, as long as the military continues to outsource all of the essential IT functions to contractors, the institutional knowledge will not be regained. Right now the only people that I would consider hiring for truly technical positions based solely on military experience are some of the Air Force folks and those only for mid-level technical positions or pure management positions.

I also think that the entire CMF 25 is suffering from the inbreeding effect. Basically, as knowledge has been passed down over time, some of it has been incorrectly understood by the student. Later that student passes down their imperfect understanding to their students, who understand it imperfectly and so on... As time passes, they are perceived to be inferior at their positions and the quick fix is to hire from outside. As a result, the students lose the ability to gain experiential learning in their field.

If that is the problem, the only solution is to bring in people from outside that have the right skill sets, the authority to impose the proper way of doing things and the ability to help the military regain their knowledge and catch up to the pace of new technology. I think it will take at least a decade for an organization like the Army to begin to internalize the skills required for enterprise level IT. It will take another decade to actually get back to the point where the military services are capable of self sustainment without the need for contract labor. So how do you do it? Exactly the way that was proposed. Bring in some of the known big guns to teach and give them, perhaps initially too much, authority that will ease the political process of effecting change. The lack of technical knowledge is a symptom of a flawed system. Effecting actual organizational change in a bureaucracy like the military, especially one as massive as the Signal Corp (and other branch equivalents) will take true leadership that cannot be effected at the Warrant Officer level due to the political pressure that will be placed on them to just "get it done". Without a true understanding of the longer term effects of their decisions, the balance between "right" and "right now" will always swing too far to the side of "right now" to actually be effective for more than the duration of an OER cycle.
 
Considering all that then, what about just handing off all cyber warfare functions to NSA? They have the people, the institutional knowledge and the resources to do such things.
 
SpitfireV said:
Considering all that then, what about just handing off all cyber warfare functions to NSA? They have the people, the institutional knowledge and the resources to do such things.
Click to expand...

That's what they tried to do with Cyber Command. It was/is owned by DoD, but run by the director of the NSA and shares both location and network assets with the NSA. The issue is the staffing of it is military and falls subject to the same problem that I described above.
 
Marauder06 said:
We have that already, they're called warrant officers. This isn't about competence, it's about prestige.
Click to expand...

Does the Army currently have WOs, in the required fields, that can match the competence of civilians? If the answer is no, then the Army will never get there on its own. It will need to bring in outside talent, with the rank to get things accomplished, in order to actually fix the issue. I, personally, don't care if someone is doing it for the prestige of having it on a resume, or picking up chicks at a bar. The military appears to lack the organic capability to handle the growing gap, so it needs to bring in help.
 
I should mention as well that they have an entirely different CMF (17) in cyber command from the standard 25 series that I was describing. I haven't directly interfaced with any of them, which is unusual given my position when I was in Afghanistan. I can't speak to their competence level, just that within the 25/250 series.

edit for clarity
 
CDG said:
Does the Army currently have WOs, in the required fields, that can match the competence of civilians? If the answer is no, then the Army will never get there on its own. It will need to bring in outside talent, with the rank to get things accomplished, in order to actually fix the issue. I, personally, don't care if someone is doing it for the prestige of having it on a resume, or picking up chicks at a bar. The military appears to lack the organic capability to handle the growing gap, so it needs to bring in help.
Click to expand...

I don't understand the question. Of course the Army doesn't have enough qualified WOs with the skills that can match the competence of civilians in the cyber field right now, that's the whole point of this conversation.

And if the Army just allows people to walk in off the street to fill critical gaps, they'll never develop the capacity on their own.

Your feelings about the prestige of the Officers Corps is noted. However, the very thing that attracts people to it, namely the well-earned prestige that comes from the professionalism of the military, is going to be eroded and undermined if we allow more and more people to simply walk on to very senior ranks.
 
CDG said:
Do they need to affect the force structure though? These SMEs would still be SMEs, and limited to that field, but with the rank on the collar required to actually get things done. O-3s or contractors are not going to cut it.
Click to expand...

We are kidding ourselves if we think some of these SMEs won't "flex nuts." I know of CTRs who speak for O-6's by virtue of the O-6 abrogating their authority and oversight; they rubber stamp whatever's handed to them by the CTR.

compforce said:
If that is the problem, the only solution is to bring in people from outside that have the right skill sets, the authority to impose the proper way of doing things and the ability to help the military regain their knowledge and catch up to the pace of new technology. I think it will take at least a decade for an organization like the Army to begin to internalize the skills required for enterprise level IT. It will take another decade to actually get back to the point where the military services are capable of self sustainment without the need for contract labor.
Click to expand...

The problem though is retaining those service members. By the time the SM is competent they are now eligible for one of the newly created O/CWO positions. If you can't retain the personnel you'll never improve over the long term. I'm preaching to the choir and 100% agree this is a systemic failure, but my naturally pessimistic side doesn't see this proposal ending well if it ever became reality.
 
I just don't see how bringing people in as senior officers gets you any of the gaps in capability filled.

In the medical service corps, JAG, Chaplain Corps, and functional areas they have clear delineations on what skills they want those personnel to have, what experience they need from civilian certifications or military training (in the case of functional areas), and clearly defined duties in terms of what they can and can't do (they have very specific criteria to lead others, command, and be promoted different from the rest of the Army).

That's an enormous undertaking for the cyber world - without any correlation to the civilian sector. Does a hot-shit 25 year old hacker have the requisite experience to be brought in - or is it only PhD candidates from MIT? Once commissioned what's the structure they fall into?

The whole point of having Soldiers do something vs civilians is the ability they bring to work under combat conditions, operate in a chain of command, and employ skills in a wide-array of areas - rifleman first gets after the principle. I work in intelligence. There are shit-tons of civilians and contractors sitting in TOPIs at NSA across from our Soldiers with more experience and technical skill at that one function - but none of them are ready to deploy tomorrow, travel in a convoy, lead a team of other Soldiers, or fit into a task-organized command structure. That's why NSA can never get enough military folks - even though the most 'skilled' analysts will always be on the civilian side for depth of experience (if not breadth). I think the same thing holds true across the IC with some exceptions (DoS, CIA, DoE, FBI).

Other than the pay, I don't see what an O-6 off the street gets you in cyber. 'Hi, I'm COL Duce. I have no promotion potential, no experience or knowledge about the military or IC, no contacts with other servicemembers from the last 25 years of service, no leadership experience, but I really know computers. Does my rank impress you enough to do shit for me?' I just don't see it. If the goal is money and prestige to bring them in why not just give all of them a bonus and a Special Forces or Ranger tab - those always impress the shit out of people, and we've already established we don't want them to go through the same shit as other people to earn rank - why stop there.

There's a reason we don't make the smartest 2LT in the Army the battalion commander or the most strack PFC the 1SG. Experience counts right alongside knowledge and skill. I find it hard to believe there's any technical skills, even in the cyber world, that can bridge that deficit sufficiently.
 
Il Duce said:
...'Hi, I'm COL Duce. I have no promotion potential, no experience or knowledge about the military or IC, no contacts with other servicemembers from the last 25 years of service, no leadership experience, but I really know computers...
Click to expand...

Il Duce said:
...'There's a reason we don't make the smartest 2LT in the Army the battalion commander or the most strack PFC the 1SG. Experience counts right alongside knowledge and skill. I find it hard to believe there's any technical skills, even in the cyber world, that can bridge that deficit sufficiently...
Click to expand...

Based on what I've read, experience is exactly what the Army is looking to recruit.

I'd hazard that the average CISO or network security lead at just about any web-scale company is going to have both a greater breadth and depth of knowledge surrounding how to deliver and secure mission critical infrastructure and experience building and leading high performing technical teams than exists in the officer corps currently (even within the FAs @compforce previously referenced).

While I agree civilian imports won't have the benefit of the tribal knowledge that comes with being raised within the establishment, they'll also probably be less likely to be constrained by a desire to maintain the status quo because of it.
 
compforce said:
There would be major prestige in the IT world as a member of a nation state's (the US) offensive cyber capabilities. Quite a few talented geeks would work for less than they could make to have that as a part of their legitimate resume. It would also open a huge field of very well paying jobs in IT security for those people. They would write their own paycheck after 7-10 years experience at that level.
Click to expand...

Being able to point at a BS, JSCOM, or something with a citation effectively stating you p0wned another nation? Pfft. Nevermind having the level of assets for offensive work, getting to red team against our own for pen testing, etc.

Sign me the hell up for weekend CQ, the barracks would be a huge lan party on the weekends with games and hacking CTFs..
 
Marauder06 said:
I don't understand the question. Of course the Army doesn't have enough qualified WOs with the skills that can match the competence of civilians in the cyber field right now, that's the whole point of this conversation.

And if the Army just allows people to walk in off the street to fill critical gaps, they'll never develop the capacity on their own.

Your feelings about the prestige of the Officers Corps is noted. However, the very thing that attracts people to it, namely the well-earned prestige that comes from the professionalism of the military, is going to be eroded and undermined if we allow more and more people to simply walk on to very senior ranks.
Click to expand...

My intent was not to disparage the Officer Corps. My point was that the feelings of these civilians not having earned the right to be officers by virtue of being SMEs is misguided in this one small area. I am not denigrating the Officer Corps as a whole, or saying Army Officers do not deserve to take pride in that accomplishment.

The Army has to have outside assistance to develop the capacity. They are currently incapable of doing it organically. Contractors are not going to have the requisite pull to make meaningful change. My entire point for this idea is that the Army is so rank conscious, that nothing short of Eagles or Stars will get the Cyber ship turned around and headed on the right track.

I have been thinking on this more, and I don't even think it needs to be a permanent commission. Bring these guys/girls in with the understanding that it will be re-evaluated in 5 years. Their job in the meantime is to identify deficiencies in training, equipment, procurement, and operational capability, followed by an outline of how to fix the issue and sustain the change. At the 5 year mark, evaluate whether some, or all, need to stay on, or whether some, or all, can be returned to the civilian sector. It's a win for both sides.
 
AWP said:
We are kidding ourselves if we think some of these SMEs won't "flex nuts." I know of CTRs who speak for O-6's by virtue of the O-6 abrogating their authority and oversight; they rubber stamp whatever's handed to them by the CTR.
Click to expand...

Of course some of them will. So what? The military creates its own leaders who do the same thing already. It's nothing new under the sun, and there are no perfect fixes.
 
104TN said:
Based on what I've read, experience is exactly what the Army is looking to recruit.

I'd hazard that the average CISO or network security lead at just about any web-scale company is going to have both a greater breadth and depth of knowledge surrounding how to deliver and secure mission critical infrastructure and experience building and leading high performing technical teams than exists in the officer corps currently (even within the FAs @compforce previously referenced).

While I agree civilian imports won't have the benefit of the tribal knowledge that comes with being raised within the establishment, they'll also probably be less likely to be constrained by a desire to maintain the status quo because of it.
Click to expand...

I'm sure there are competitive marksmen who are in great shape - doesn't mean they should walk on as an E-7 sniper. A great mechanic who runs a number of car repair shops is not ready to walk on and command an ordnance battalion. A stunt pilot likely has incredible reflexes, understanding of handling an aircraft, and tons of flying hours - doesn't mean he's ready to fly a fighter, much less lead a squadron of them.

It may seem like senior officers in the cyber world don't do shit - or maybe just officers in general - but that's a mistaken assumption. If you think they do things - but those things are worthless - that's an opinion you're certainly entitled.

The 780th MI BDE (Army Cyber BDE) is about 50/50 17 and 35 series officers and enlisted. The work embedded in the SIGINT community. There is a significant amount of parallel between what cyber leaders have to do and what strategic MI leaders have to do.
 
Last edited:
Il Duce said:
I'm sure there are competitive marksmen who are in great shape - doesn't mean they should walk on as an E-7 sniper. A great mechanic who runs a number of car repair shops is not ready to walk on and command an ordnance battalion. A stunt pilot likely has incredible reflexes, understanding of handling an aircraft, and tons of flying hours - doesn't mean he's ready to fly a fighter, much less lead a squadron of them.

It may not seem like senior officers in the cyber world don't do shit - or maybe just officers in general - but that's a mistaken assumption. If you think they do things - but those things are worthless - that's an opinion you're certainly entitled.

The 780th MI BDE (Army Cyber BDE) is about 50/50 17 and 35 series officers and enlisted. The work embedded in the SIGINT community. There is a significant amount of parallel between why cyber leaders have to do and what strategic MI leaders have to do.
Click to expand...

My post wasn't a condemnation of the officer corps. That a program like this is on the table after several years of the Army sharing press about a lack of capability is a solid indicator that there are critical skills germane to the Cyber mission that the existing officer corps lacks and can't develop in-house.

Comparing senior technology leaders from the civilian sector (many with experience meeting insane SLAs while protecting infrastructure from the same state sponsored threats the DoD is dealing with) to individual contributors and small business owners is pretty far off base and doesn't bolster your argument IMO.

When it comes to InfoSec, IA, and network operations there's certainly some "stuff" you can take a kid out of high school and train and them to do, or even send an officer off to a course to learn. However, when you start talking about true architect-level technologists or industry thought leaders working at the CXO level, the knowledge, skills and abilities these people possess are as comparable to someone working at the level you've described above as a medical assistant's are to an experienced MD's.

We're not talking about shoehorning someone with roughly related functional skills into a completely dissimilar role. What's being proposed is recruiting civilians with a proven talent for solving the exact challenges the Army is facing, and putting them into positions where their expertise and experiences can fill gaps and catalyze change.

Building on the Medical Corps analogy as there's a corollary there, would you take umbrage with the idea of a department head from a major medical center joining the service at an advanced pay grade? Is none of that Doc's civilian experience transferable to the military? That's basically what we're talking about.

That said, we're arguing theory here as I don't think this program would be able to attract the kind of talent that'd actually make a difference. I just wholly disagree with the idea there aren't civilians that could join the military at a senior level and have an incredibly positive impact if attracted to the offer.
 
Last edited:
I guess ultimately it's an un-verifiable hypothesis until folks are recruited for doing these jobs - but I don't think the skills are as applicable as you imagine.

Decisions on architecture, implementation, design, and training pipelines are made by commanders and leaders - not technical experts brought in. All of those decisions are structural in nature - meaning they are going to impact significantly on infrastructure, contracting, and budget - all of which require more buy-in than a single leader. One of the benefits of the business world is being able to structure authority and organizations to meet business goals. Market competition helps to weed out failure as measured by profit margins. Government and especially the military and IC don't have the same structure - for good and for ill. If the NSA does a shitty job at SIGINT they don't go out of business in favor of a start-up SIGINT section at the FBI. Similarly, the head of the NSA doesn't get to re-organize against EO 12333 because SIGINT coverage is spotty in a target area.

Medical professionals are brought in at a high rank to execute their specialty - not to run hospitals. An O-6 thoracic surgeon is brought in to be a surgeon - and they do that under very clear guidelines of professional medical standards (that are the same as the civilian world), in a clear structure (the hospital setting). None of those are present in cyber, where authorities to operate are even more important frequently than the technical skills to operate themselves.

I've met a number of doctors who were fine leaders - though always having been an Army doctor for more than a few years, and choosing to pursue leadership training and opportunities. I don't think there's a character or intelligence deficiency in the civilian sector - but an experience one.
 
ThunderHorse said:
So the continuation of this seems to be that we'll just get rid of bootcamp for CYBER: The US military might let its IT warriors skip boot camp
Click to expand...


Similar to the Marine Corps thread on lateral moves from the private sector to instant officer. It ain't palatable but it's probably inevitable. But in addition to the uniform and the authority and all the cool bling they're gonna have to come up with some serious bonus money to attract techno nerds to military service.
 
Last edited:
They'll do a 10 day salute school like we do for some medical professionals.
Bring them in as a Sr O-3, and use bonuses to make up the pay difference. Seems to work for Medical Professionals.
FWIW- There were a ton of instant officers in WW II, they seem to heave gotten it sorted out quickly.

What I haven't seen is where all those O-6 slots are coming from, I can not imagine Congress quadrupling the O-6 billets.
 

Similar threads

Ooh-Rah
At some point the Army is going to run out of beret colors
3 4 5
Replies
81
Views
8K
JedisonsDad
JedisonsDad
RackMaster
Army launches direct commissioning program for civilian cybersecurity experts
2 3
Replies
44
Views
8K
Teufel
Teufel
Ooh-Rah
Enlistment to SOF - The ShadowSpear Way
Replies
1
Views
3K
Ooh-Rah
Ooh-Rah
RackMaster
Sec Def wants civilians "laterally" entered as O's
2 3
Replies
41
Views
5K
Teufel
Teufel
DA SWO
Air Force Rescue Helicopters Raced To The Aid Of Special Operators In Somalia
Replies
11
Views
3K
Gunz
Gunz
Back
Top